3. Inspection And Policy Enforcement Above Layer 4

Application awareness will be prevalent in the next generation of smart switches.

If you're a small to midsize business with a bare-bones infrastructure budget for 2009, chances are that investing in network access control is near the bottom of your priority list. But what if you could get a 24-port Gigabit Ethernet switch, with built-in firewall, DHCP server, captive portal for guest access, and network access control designed for the SMB market--all in one box? That's the niche market that Napera Networks, founded in late 2006, is targeting with its 24-port NAC appliances.

The Napera N24 can be deployed as a single device handling all the core networking and security services needed to run a small business. For larger environments, as many as eight N24 NAC appliances can be stacked, with centralized management of all eight switches and up to 800 client devices. For shops that already have a capable core switch, the N24 shines at the edge of the network, where it can apply security policy and quarantine threats before they reach the core.

The N24 integrates with Microsoft's Network Access Protection, or NAP, agent and the Windows Security Center service in order to provide health checks and auto-remediation for Windows firewalls, anti-spyware/antivirus installation and update status, and operating system update status.

As a device connects to the N24, the administrator has several options for authentication, all of which can be defined on a per-port basis. Using the N24's captive portal capabilities, guest access can be accomplished via direct integration with your Active Directory infrastructure or via user accounts within the N24's database.

Assuming you're running XP SP3 or Vista with the NAP agent installed, Napera provides an automated script that turns up all services and agents necessary for access control as well as auto-remediation.

Health Updates

One of our favorite features included on the N24 is the ability to do health checks on incoming remote access sessions via the built-in PPTP VPN server. The DHCP server and built-in firewall, although basic, are adequate for most branch and small-office security and network address translation needs.

OUR TAKE

NAPERA NETWORKS N24 NAC APPLIANCE

• Napera puts a wide array of capabilities into a single package that deploys in minutes and targets a niche space that larger NAC players have seemingly forgotten about.

• Most features are limited in scope compared with enterprise offerings, especially in the reporting area. But the N24 provides all networking and NAC services needed to secure a small to midsize LAN.

• The N24 is a unique beast now, but expect to see more and similar "smart switches" in the next 24 months.

The only real gripe we have with the N24 is its lack of detailed reporting. Basic system health reports indicate the antivirus software each system is running, for example, but they don't report the version of the software or virus signature version. The Microsoft NAP agent determines what the most recent software version is via vendor-supplied Windows Management Instrumentation providers, so it's possible to obtain a clean bill of health even if you're not running the latest version of antivirus software.

From a budget perspective, if you're planning to spend a couple of thousand dollars on a lower-end 24-port Gigabit Ethernet switch and firewall, it might make sense to pony up a little more cash and get the turnkey NAC and captive portal features that N24 provides. If you're upgrading to Windows Server 2008 just to add NAP to your mix of security tools, the N24 makes even more sense once you factor in the hardware and licensing costs.

The N24 lists for $3,495, with annual subscription and maintenance costs of $695 after the first year. The N24S stackable expansion switch (which we didn't test) lists for $995 with maintenance costs of $195 after the first year.

Randy George is CEO of IT Analytics Solutions, a provider of custom research for enterprise IT.